MAINTAINING CONFIDENTIALITY OF PERSONAL INFORMATION
DURING E-COMMERCE TRANSACTIONS

The present invention is related to the subject
matter of the following commonly assigned, co-pending
United States Patent Application, Serial No.
(Docket No. AUS000060US1) entitled "Third Party Contract
Depository for E-Commerce Transactions," filed
concurrently herewith.

BACKGROUND OF THE INVENTION 

1. Technical Field: 

The present invention relates in general to 
commercial transactions and in particular to commercial 
transactions on the Internet. Still more particularly, 
the present invention relates to a method, system and 
program for maintaining confidentiality of personal 
information on the Internet during commercial 
transactions on the Internet. 

2. Description of the Related Art: 

Internet commerce or E-commerce, as it is commonly 
referred to in the industry, is quickly becoming a 
preferred method of conducting commercial transactions. 
Many traditional and non-traditional businesses have 
realized the vast potential of conducting business on the 
Internet and have established web sites by which 
potential customers or clients may remotely access their 
respective information or products. This merging of 
business with the electronic medium of the Internet has 
thus resulted in an increase in commercial and personal
transactions.

E-commerce transactions may be either point-to- 
point/bipartite (i.e., an individual communicating 
directly with another individual or a business web site) 
or multi-point (i.e., many individuals transacting with 
each other, as in a swap room, or with on-line auctions, 
for example). Typically, a web server provides the
background within which these E-commerce transactions 
take place. 

Currently, most E-commerce transactions are 
bipartite and occur between a merchant and a buyer. The 
merchant is represented online by a web site located on 
a web server and accessible via a universal resource 
locator (URL) or web address. The buyer connects to the 
Internet via one of several known means of connecting to 
the Internet and accesses the merchant's web site. The 
merchant and the buyer enter into a transaction within 
the web server, which is recorded in electronic form on 
the web server as an agreement (or contract). Thus, the
contract is typically stored in the web server of the
merchant. A buyer may be provided with the opportunity
to print the contract prior to terminating the connection 
to the web site. 

As in traditional commercial transactions, disputes 
often arise about the actual terms (price, quantity, 
freight charges, etc.) of a transaction subsequent to the 
creation of the contract. In the traditional arena, 
contracts are typically in written form and at least one 
party has signed the original contract document verifying 
its authenticity. The terms, as written in this document 
are difficult, if not impossible, to manipulate without
being noticeable once the signature has been affixed to 
the page. 

In the electronic medium of the Internet, electronic 
documents are generated, which are typically stored on 
the merchant's web server and are easily modifiable. The 
electronic nature of the document allows anyone with 
access to the web server to modify the terms of the 
original agreement. There is thus an inherent 
uncertainty in the validity of electronic documents. It 
is therefore difficult for the buyer or a third party 
arbitrator to determine the authenticity of the documents 
when a dispute arises. 

Several prior art patents have taught methods for 
ensuring authenticity of communications/documents on the 
Internet with the use of digital signatures. U.S. Patent
No. 5,949,876 discloses a system and method for secure
transaction management for ensuring that information is
accessed and utilized only in an authorized way. U.S.
Patent No. 5,850,442 teaches the use of public key
infrastructure (i.e., smart token technology) to secure
electronic transactions. A third party is utilized to 
register an application which is held and made accessible 
to the recipient after signature verification/ 
authentication using a smart token. 

Both of these patents use a digital signature, which 
may be provided to both the buyer and merchant. Use of
digital signatures, however, has not been adopted widely 
by the Internet community, particularly due to associated 
costs and other logistical concerns, such as the 
complexity involved in creating the digital signatures
and revoking lost or compromised digital signatures. 

Another method, which utilizes a third party, has 
been proposed by United Parcel Services (UPS) OnLine 
Courier®. This method essentially allows the delivery of
secure e-mail via the UPS as a depository third party.
The sender sends a document using UPS OnLine Courier.
The document is securely uploaded to the secure UPS 
OnLine Courier server, which sends an e-mail notification 
to the recipient that there is a document delivery for 
him. The recipient uses the URL provided in the e-mail 
to download the document from the secure UPS OnLine 
Courier server via a Web browser. As an option, the 
sender may specify that the recipient may only download 
the file if he has provided a password to the UPS OnLine 
Courier server, insuring the sender that only the 
intended recipient may open the document. 

Another problem encountered during E-commerce
transactions is the loss of or low levels of privacy with
respect to distribution of personal information (name,
address, email address, etc.) of a buyer. Buyers are
usually required to enter personal information into the
merchant's web site when conducting a transaction.
E-bay, for example, provides multi-point E-commerce
transactions; however, E-bay displays the personal
information of each visitor who transacts on the site and
does not provide for any anonymity/confidentiality.
Occasionally, merchants subject their buyers to 
unsolicited e-mails (referred to as "junk mail") or 
physical mail, which advertise products of the merchant 
or another entity to which the merchant has forwarded the 
buyer's personal information. Also, the buyer may wish to 
withhold his personal information from the merchant for
other reasons.

In some instances, a seller may wish to have his 
personal information kept private. Currently, anyone may 
access personal information (such as name and address) 
about the owner of a web site (i.e., find out to whom a 
web server belongs) by looking up the domain name in one 
of the several server databases publicly available 
through issuers of Internet domain names and affiliated 
groups.

Prior art attempts to handle this problem include
U.S. Patent Nos. 5,692,982 and 5,553,145, which disclose
the use of a third (trusted) party to transmit an
encrypted message from one party to a second party,
whereby the identity of the communicating parties may be
kept secret (from the third party). A receipt is sent to
the sending party when the communication is received by
the receiving party. The method also uses a digital
signature where each party has a secret signing key and
matching public verification key for sending and
accessing the content of the communication. Other related
patents include U.S. Patent 5,666,420 which utilizes a
third party to communicate if a first attempt to
communicate directly fails. Chat rooms allow use of
pseudonyms during internet communications but do not
extend into the internet-based commercial transactions in
the context of exchange of financial information.

None of the prior art methods discloses an efficient 
and globally applicable method for ensuring the 
confidentiality of personal information of parties to an 
E-commerce transaction. The present invention thus 
recognizes that it would be desirable to provide a method
and system for providing this functionality (i.e., 
maintaining confidentiality of personal information 
during E-commerce transactions) in an efficient and 
globally applicable manner. A method and system by which 
a person's personal information is preserved away from 
the other party in an E-commerce transaction would be a 
welcomed improvement. These and other benefits are 
provided in the present invention. 

SUMMARY OF THE INVENTION

A method, system and program for maintaining 
confidentiality of personal information during E-commerce 
transactions is disclosed. The method, means and program
instructions comprise the steps of: (1) compiling within a
depository a profile of personal information of at least 
a first buying party to an E-commerce transaction; (2) 
providing said first buying party with a unique 
identifier (ID) linked to the profile for use during 
subsequent E-commerce transactions; and (3) in response 
to the first buying party providing the identifier to a 
second party, completing said transaction without said 
second party receiving any of said personal information. 

The completing step involves initiating program code 
within the merchant party's web server, wherein the 
program code utilizes the ID to locate and interact with 
the depository via, for example, Transmission Control 
Protocol/Internet Protocol (TCP/IP). The buying party
may be provided with the option of selecting within the 
merchant party's web server whether or not he wishes to 
provide his personal information directly to the merchant 
party or use his ID and the depository. 

The above as well as additional objects, features, 
and advantages of the present invention will become 
apparent in the following detailed written description. 

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features believed characteristic of the 
invention are set forth in the appended claims. The 
invention itself however, as well as a preferred mode of 
use, further objects and advantages thereof, will best be 
understood by reference to the following detailed 
description of an illustrative embodiment when read in 
conjunction with the accompanying drawings, wherein: 

Figure 1 depicts a data processing system, in which
a preferred embodiment of the present invention may be
implemented;

Figure 2 is a high-level block diagram of a
distributed data network in accordance with one
embodiment of the present invention;

Figure 3 is a high-level block diagram illustrating
a client-server-depository network structure in
accordance with one preferred embodiment of the present
invention;

Figure 4 is a high level logical flow chart
depicting the process of a preferred implementation of
the present invention;

Figure 5A is a high-level block diagram illustrating
a client-server-depository network structure, which
ensures privacy of buyers in accordance with another
preferred embodiment of the present invention;

Figure 5B is a high-level block diagram illustrating
a client-server-depository network structure, which
ensures privacy of buyers during purchase of an
electronic product in accordance with another preferred
embodiment of the present invention;

Figure 6A is a high level logical flow chart
depicting the process of ensuring privacy of buyers in
accordance with a preferred implementation of the
present invention; and

Figure 6B is a high level logical flow chart
depicting the process of ensuring privacy of buyers for
electronic products in accordance with a preferred
implementation of the present invention;

Figures 7A and 7B illustrate two methods of
ensuring privacy of both parties to a transaction in
accordance with one embodiment of the present invention;

Figures 8A and 8B depict the client graphical user
interface during an E-commerce transaction in accordance
with one embodiment of the present invention; and

Figure 8C depicts the client graphical user
interface during an E-commerce transaction where privacy
of the buyer is maintained in accordance with one
embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The present invention is directed to a method,
system and program for maintaining privacy of personal
information during E-commerce transactions. The
invention is described with reference to a commercial
transaction involving a merchant and a buyer. Use of
these terms is not meant to be restrictive on the
invention as other types of commercial and non-commercial
transactions, which may occur on the Internet between two
parties and result in the generation of an electronic
document, are contemplated. For the purposes of this
invention, the terms merchant, seller and web site or web
server are utilized interchangeably to refer to one party
to a transaction, whether an individual or a corporation,
who has an accessible site on the Internet at which
another party may enter into a transaction. Buyer or
client refers to the other party to a transaction. The
term document as utilized herein may refer to a simple
sales receipt or a more complex contract or agreement.
Finally, all communication and transactions occur within
the electronic medium (i.e., Internet) unless stated
otherwise.

With reference now to the figures and in particular
with reference to Figure 1, a data processing system that
may be utilized as a buyer's terminal or server on the
Internet is presented. Data processing system 20
comprises a Central Processing Unit (CPU) housed in a
system unit 22. System unit 22 also provides connections
for various hardware components including disk drives 40,
and memory devices (not shown). Stored within memory
devices are the operating system (OS) 24 and software
applications 26 by which many of the processes of the
invention are implemented as will become clear later.
Several peripheral input/output devices are connected to
the CPU. These input/output devices include keyboard 82,
mouse 84, printer 94, CD-ROM 78, and display monitor 30.
Display monitor 30 provides a graphical user interface
(GUI) which allows a user to view and interact with
software applications 26 stored in system memory or
provided via a network, by displaying icons or other
selectable mechanisms with which the user may interact.

Also coupled to CPU are various devices, including
modem 92, and network adapter 90, utilized for connecting
data processing system 20 to other systems and/or
networks, such as is illustrated in Figure 2. CD-ROM 78,
modem 92, and network adapter 90 are depicted as external
components; however those skilled in the art are familiar
with the various structures of data processing system
architecture and understand that these components may be
housed inside of system unit 22.

Modem 92 is a communication device that enables a
computer to transmit information over standard telephone
lines or wireless connections such as cellular. Modem 92
converts digital computer signals to interlock signals
suitable for communications over these telephone media.
Modem 92 can be utilized to connect data processing
system 20 to a web server via remote access protocols.
Modem 92 may also provide a connection to other sources,
such as an electronic bulletin board (BBS) or the World
Wide Web.

Referring now to Figure 2, there is depicted a basic
representation of a distributed data network, such as the
Internet. Internet 203 is depicted as a network cloud
with connections to userPC 201 (i.e. the buyer's
terminal), merchant web server 205, and depository 207.
Web server 205 is typically a data processing system
having a database, OS, and server software. UserPC 201
is also typically a data processing system with OS and
web browser software stored locally in memory for
accessing sites on Internet 203. UserPC 201 is utilized
by a buyer to access Internet 203 and conduct
transactions with web server 205. Each node at which a
connection to Internet 203 is made has a corresponding
Internet Protocol (IP) address and universal resource
locator (URL). Communication within the Internet may be
handled via Transmission Control Protocol/Internet
Protocol (TCP/IP) or other transfer protocol, which
allows information to be transmitted to and from
addresses assigned to each node. Use of URLs, for
example, is common in modern networks. For example, web
server 205 is made accessible to the users of the
Internet via a web address, www.merchant.com 206.
Depository 207 also has a corresponding URL,
www.depository.com 208. Those skilled in the art
appreciate that Internet 203 as illustrated herein may in
fact be represented as an even more complex network of
servers and with multiple buyers simultaneously accessing
these servers to conduct E-commerce transactions.

A. ENSURING INTEGRITY OF TRANSACTIONS

In a preferred embodiment, depository 207 is a data
processing system having a data warehouse (e.g., hard
drive) designed to store multiple documents 209 and
provide later access to these documents 209. The hard
drive is controlled with program code which includes a
file protection subroutine. The file protection
subroutine provides a write-once, read-many access
permission to the hard drive. Thus, millions of
documents 209 generated during commercial transactions on
Internet 203 may be initially written to the hard drive.
Once the document 209 has been stored, it is made
accessible to the transacting parties only for the
purpose of reading the content. A single readable copy
remains resident on the hard drive and a copy may be
provided to the party who requests to view the document
209. Although not illustrated, depository 207 may also
be equipped with input mechanisms and visual output
mechanism, such as a monitor, by which a depository
administrator may manage the hard drive.

One preferred embodiment of the invention ensures 
that an E-commerce contract between buyer and seller 
remains unaltered after the agreement. The invention 
provides an electronic depository for depositing the 
contract after it has been created. Thus, at the 
conclusion of the E-commerce transaction, the contract is 
deposited in a third party depository via the Internet. 
The contract depository vouchsafes that the parties to
the contract agreed to the terms of the contract.
Further, the contract document cannot be modified
unilaterally because the depository is designed to not
allow such alterations as described above. In case of
later disputes the buyer, seller, arbitrator or judge can
review the contract easily by accessing the third party
depository over the Internet utilizing an assigned
document identifier.

Transmittal of the contract to a depository occurs 
as a result of a prior selection by the seller or buyer 
to utilize the depository during all E-commerce 
transactions. In one embodiment, the depository is an 
independent service made available to E-commerce servers 
(and/or clients). The E-commerce server subscribes to
the depository, and the E-commerce server's program code 
which handles its transactions is modified. This 
modification allows it to instantaneously link to the 
depository and transmit a document to the depository when 
a transaction is completed. Thus, all electronic 
documents generated during E-commerce transactions made 
on the E-commerce server are instantaneously forwarded to 
the depository. Alternatively, the depository may be 
made available for subscription by the clients who wish 
to protect their transactions. 

The depository may be managed by a system manager. 
Stored documents may be time-limited (i.e., stored for 
only a given period of time, such as 6 months). Each
stored document is provided with a reference number or
identifier (ID) by which the client and/or merchant may
later access and view the document.
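
The write-once, read-many behaviour, document identifier and time-limited storage described above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the in-memory store and the 183-day retention value are assumptions, and it goes beyond the text by recording a SHA-256 digest at deposit time so that a copy produced in a dispute can be compared with the stored document.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone


class WriteOnceError(Exception):
    """Raised when a write targets a document ID that is already stored."""


class DocumentDepository:
    """In-memory stand-in (hypothetical) for the write-once, read-many store."""

    def __init__(self, retention=timedelta(days=183)):
        # Roughly the "6 months" the text gives as an example; value is constructed.
        self._retention = retention
        self._docs = {}  # doc_id -> (content, sha256 hex digest, deposited_at)

    def store_once(self, doc_id, content, now):
        """Single write path: refuses any second write to the same ID."""
        if doc_id in self._docs:
            raise WriteOnceError(f"{doc_id} is already stored and cannot be altered")
        content = bytes(content)  # private immutable copy of the caller's buffer
        self._docs[doc_id] = (content, hashlib.sha256(content).hexdigest(), now)

    def deposit(self, content, now=None):
        """Store a finished contract and return the ID handed to both parties."""
        now = now or datetime.now(timezone.utc)
        doc_id = "DOC-" + secrets.token_hex(8)  # unguessable reference number
        self.store_once(doc_id, content, now)
        return doc_id

    def _live(self, doc_id, now):
        """Return (content, digest) if the document exists and has not expired."""
        now = now or datetime.now(timezone.utc)
        content, digest, deposited_at = self._docs[doc_id]  # KeyError if unknown
        if now - deposited_at > self._retention:
            raise KeyError(f"{doc_id} is past its retention period")
        return content, digest

    def read(self, doc_id, now=None):
        """Read-only access: the caller receives the stored bytes, never a handle."""
        return self._live(doc_id, now)[0]

    def matches(self, doc_id, claimed_copy, now=None):
        """Dispute check: does a party's copy equal what was deposited?"""
        digest = self._live(doc_id, now)[1]
        claimed = hashlib.sha256(bytes(claimed_copy)).hexdigest()
        return secrets.compare_digest(digest, claimed)


if __name__ == "__main__":
    dep = DocumentDepository()
    ref = dep.deposit(b"1 widget @ $10, freight $2")  # constructed contract text
    print(ref, dep.matches(ref, b"1 widget @ $12, freight $2"))
```
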

Turning now to Figure 3, there is illustrated a
different representation of a client-server-depository
configuration according to a preferred embodiment.
E-commerce server 301 represents the merchant in this
description. E-commerce server 301 communicates with
E-commerce client (buyer) 303 via a connection over the
Internet (not shown). Both components are in turn
capable of communicating with depository 305.

Figures 8A and 8B are graphical representations of a
web browser utilized by a buyer during an E-commerce
transaction described with reference to Figure 4,
according to one embodiment of the invention. Web
browser 800 is created with software code stored on the
local client system and includes program subroutines for
enabling a split screen representation as illustrated.
First frame 803A is the buyer's connecting portal to the
web site of the E-commerce server. As shown in Figure 4,
the transaction process begins at block 401 usually when
the buyer connects to the E-commerce server. The buyer
views the seller's merchandise/products in first frame
803A at block 403 and enters into a transaction for the
purchase of a selected item at block 405, by interacting
with E-commerce server (i.e., making selections of items
displayed, etc.) in first frame 803A. Second frame 805A
is the buyer's portal to the depository. In the
preferred embodiment, when the buyer completes his
transaction on first frame 803A and selects the
completion button 807 on first frame 803A, the
transaction request is sent to the E-commerce server.
The server then returns a modified first frame 803B, at
block 407, in which the transaction information is
presented for buyer acceptance as shown in Figure 8B.
At block 409, the buyer selects the accept button 808 in
modified first frame 803B and relevant information
concerning the transaction is simultaneously transmitted
to the depository at block 411 and mirrored in modified
second frame 805B. By this method, the agreement is
recorded as soon as the transaction is completed. The
process of Figure 4 then ends at block 413 and the
modified first frame 803B returns to the beginning of the
transaction page for a new transaction.

In a person to person transaction, both parties may
have similar split-screens, so that the saved agreement
is available to both parties for viewing while the
transaction is being completed. The reference document
number/ID is instantaneously assigned and transmitted to
both parties when a document is received for storage as
illustrated in second frame 805B of Figure 8B. In most
applications of the invention, the transactions will not
be person to person as the server side transactions are
generally automatic (i.e., processor controlled and
transacted).

B. PRIVACY OF PERSONS ENTERING INTO E-COMMERCE
TRANSACTIONS

In another embodiment, the third party contract 
depository described above is adapted to provide enhanced 
privacy and security during E-commerce transactions. The 
depository executes registration code that stores 
personal "information", including financial information, 
and provides each subscriber with a transaction ID (TID) 
and password. The TID is utilized by the subscriber to 
enter transactions over the Internet without revealing
his/her personal information. The depository further 
executes transaction code by which the E-commerce 
transactions are completed. Limited access to the 
personal information is provided to the subscriber by the 
assigned password; however, no access is provided to the 
second party to a transaction except for payment 
information such as a credit card number. In one 
embodiment, the depository is controlled by the credit 
card company utilized in the transactions. 

In traditional E-commerce transactions, products are 
typically sent from the merchant to the buyer using 
independent commercial shipping agencies (shippers) such 
as the United States Postal Service, United Parcel 
Service (UPS), Federal Express, etc. For example, many
companies, which transact on-line, utilize UPS to ship
their products. UPS sends its trucks to the company's
physical site and picks up the products. Unlike the
traditional pick-up method, where the product is labeled
with the buyer's name and address, a security routing ID
(SRID) is utilized in the invention. UPS is provided 
with a security routing ID along with the name and 
address of the buyer, which it places on the packages 
based on the SRID. In this manner, the buyer's personal 
information (e.g., name and address) is only placed on 
the product once it has reached the shipper, and the 
seller is never provided with this personal information. 

Referring now to Figure 5A, a block diagram
representation of a second preferred embodiment of the
invention is illustrated wherein privacy of a buyer is
maintained during a commercial transaction. E-Commerce
client 503 is linked via the Internet to E-commerce
server 501. Connecting arrows 502 indicate the direction
of flow of information during an E-commerce transaction.
Both E-commerce client 503 and E-commerce server 501 are
linked to depository (database) 505. Depository 505 is
in turn linked to a shipper 507, who is responsible for
shipping the products sold by E-commerce server 501 to
E-commerce client 503. Shipper 507 delivers the products
purchased during an E-commerce transaction to physical
address 509 of E-commerce client 503 via physical
delivery route 508.

In another embodiment, illustrated in Figure 5B, an
electronic product (such as downloadable software or
e-books) is purchased by E-commerce client 503. The
physical delivery route 508 and physical address 509 of
Figure 5A may not be required. Instead, connection via
the Internet with the buyer's electronic (e.g., e-mail)
address 504 is utilized, or alternatively, direct
download to a storage location of a buyer's computer
system is utilized. In Figures 5A and 5B, the numbers
on the arrows show the progression of the entire
transaction as discussed in Figures 6A and 6B below.

Figure 6A illustrates the process by which personal
information required to complete a commercial transaction
is provided only to a third party (i.e., not the
merchant). The process begins at block 601. Prior to
the transaction, the buyer's personal information is
stored in the depository and the buyer is issued a
transaction identifier (TID) at block 603. The buyer
then accesses the merchant's web site and begins the
transaction at block 605. During the transaction, the
buyer selects the method by which he wishes to identify
himself (i.e., the buyer may wish to enter all his
personal information into the web site if he is not
concerned with privacy and/or security or he may choose
to provide only his TID if he is concerned with privacy
or security). Entering of personal information tends to
be time consuming and regular on-line shoppers may
utilize the functionality of the invention to reduce
transaction time. In the preferred method of the
invention, the buyer identifies himself to the seller
only by his TID at block 607. When the transaction is
completed, the E-commerce server forwards the buyer's TID
to the depository at block 609. A check is made for the
TID within the depository at block 611. If the TID is
found (i.e., valid), then the transaction is approved and
the buyer is sent an email or other message notifying him
that his TID has been utilized at block 617. The
E-commerce server is sent the SRID number and payment
(e.g., credit card number) by the depository. The
depository then forwards the buyer's personal information
(i.e., physical address, etc.) along with the seller's
information and SRID to the shipper at block 619. The
E-commerce server alerts its warehouse/shipping personnel
to prepare the product for pick-up by the shipper based
on the SRID number. The SRID number is therefore
provided to all parties involved (i.e., the buyer, web
server, shipper and depository) to identify the
transaction and related product. The process then ends
at block 621.

If the TID is not found within the depository at
block 611, the web server is notified at block 613. The
web server then declines the transaction until a correct
TID is provided or the buyer provides the information
required in some other way at block 515. The process
then ends at block 621.

Although the process has been outlined utilizing the
above process blocks, those skilled in the art will
appreciate that other process blocks could have been
included within the scope of the invention and those
depicted are for illustration only. For example, process
block 619 may be followed by a process block at which the
shipper transmits the product (electronically or
physically) to the buyer before the process ends. Also,
another process block may have been included in which the
depository optionally contacts, via instant messaging,
the buyer to obtain verification of the transaction from
the buyer.
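
The Figure 6A exchange described above can be modelled in a few classes to check the property the process is meant to provide: the merchant completes the sale with only a TID, an SRID and payment data, while name and address travel from the depository to the shipper. This is an added example, not code from the patent; the class names, field names and the in-memory message lists are assumptions.

```python
import secrets
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Profile:
    """Personal information held only by the depository (constructed fields)."""
    name: str
    address: str
    email: str
    card_number: str


@dataclass
class Depository:
    profiles: dict = field(default_factory=dict)       # TID -> Profile
    notifications: list = field(default_factory=list)  # (email, message) sent to buyers
    shipper_feed: list = field(default_factory=list)   # records forwarded to the shipper

    def register(self, profile: Profile) -> str:
        """Block 603: store the profile and issue an unguessable TID."""
        tid = "TID-" + secrets.token_hex(8)
        self.profiles[tid] = profile
        return tid

    def authorize(self, tid: str, seller: str) -> dict:
        """Blocks 609-619: check the TID, notify the buyer, brief the shipper."""
        profile = self.profiles.get(tid)                # block 611: look up the TID
        if profile is None:
            return {"approved": False}                  # block 613: server is notified
        srid = "SRID-" + secrets.token_hex(8)
        self.notifications.append(                      # block 617: tell the buyer
            (profile.email, f"Your TID was used at {seller}"))
        self.shipper_feed.append(                       # block 619: PII goes to shipper only
            {"srid": srid, "seller": seller,
             "name": profile.name, "address": profile.address})
        return {"approved": True, "srid": srid, "payment": profile.card_number}


@dataclass
class Merchant:
    name: str
    depository: Depository
    seen: list = field(default_factory=list)  # everything the merchant ever learns

    def checkout(self, tid: str, item: str):
        """Blocks 607-609: the buyer supplies only a TID; returns a package or None."""
        reply = self.depository.authorize(tid, self.name)
        self.seen.append({"tid": tid, "item": item, **reply})
        if not reply["approved"]:
            return None                                 # declined until a valid TID is given
        return {"label": reply["srid"], "item": item}   # package carries the SRID only


def shipper_pickup(package: dict, depository: Depository) -> dict:
    """The shipper replaces the SRID label with the real name and address."""
    for record in depository.shipper_feed:
        if record["srid"] == package["label"]:
            return {"item": package["item"],
                    "name": record["name"], "address": record["address"]}
    raise LookupError("no routing record for this SRID")


def merchant_learned_pii(merchant: Merchant, profile: Profile) -> bool:
    """True if name, address or e-mail appears anywhere in the merchant's records."""
    blob = repr(merchant.seen)
    return any(v in blob for v in (profile.name, profile.address, profile.email))


if __name__ == "__main__":
    dep = Depository()
    buyer = Profile("Alex Buyer", "1 Example Street, Sampletown",
                    "alex@example.test", "0000-TEST-CARD")  # constructed sample data
    shop = Merchant("www.merchant.com", dep)
    package = shop.checkout(dep.register(buyer), "book")
    print(shipper_pickup(package, dep), merchant_learned_pii(shop, buyer))
```

As in the text, the merchant still receives the payment number from the depository, so the final check covers name, address and e-mail only.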

The above process is now revisited for transactions
involving electronic products (i.e., not physical
products that have to be physically shipped) and with
reference to Figures 5B and 6B. The process begins at
block 650. The buyer places an order for an electronic
product (E-product (e.g., an E-book or software)) at
block 651. Once the order is placed, an order number and
price are assigned to the transaction at block 653. The
communication application of the buyer's computer system
then automatically transmits the order number and price
to the third party depository at block 655. Upon
receiving the transaction information, the third party
depository sends the payment amount to the E-commerce
server along with the order number at block 657. The
E-commerce server transmits the E-product to the third
party depository at block 659. Finally, the third party
depository transmits the E-product to the buyer at block
661. The process then ends at block 663. The order
number is attached to each of the above electronic
transmittals to track the buyer and respective seller.
In one embodiment, the order number has a seller's
identifying information so that it is easily found in a
database lookup at the depository.

In an alternative embodiment, the server may
directly send the electronic product to the buyer once
payment is received at block 657; however this permits
the seller to have the buyer's email address, which may
not be desired.

Figure 8C illustrates a graphical user interface
(web browser) within which a user may complete an
anonymous E-commerce transaction. The layout of Figure
8C has been described above with reference to Figures 8A
and 8B. Also illustrated in Figure 8A is a buyer
information box 804 in which a buyer may elect to enter
his TID number to preserve his anonymity or alternatively
to enter his personal information. Once a TID number is
entered, the process of utilizing the depository to
complete the transaction is initiated. In Figure 8C,
first frame 803C has a transaction completion page
displayed in which a buyer's TID is shown as having been
entered. Second frame 805C illustrates transaction
information at the depository based on a transfer of an
electronic product from seller to depository utilizing
the SRID number and buyer's TID number.

A more specific example is now presented. In this 
example, third party depository is controlled by a credit 
card company. The credit card company provides the 
service of managing the delivery of purchased products 
from an E-commerce transaction concluded with the buyer's 
issued credit card number and the TID. The buyer 
provides the credit card company with his e-mail address 
and/or physical mailing address when he obtains the 
credit card and corresponding card number. When the 
buyer buys from an electronic merchant, he provides the 
merchant with only his TID number. In case of a purchase 
of an electronic product, the merchant sends the 
electronic product with the TID number to the credit card 
company and the credit card company forwards the 
electronic content to the buyer and the required payment 
to the merchant.

In case of physical delivery of merchandise to a 
physical address, the merchant sends to the credit card 
company (1) the TID number, (2) the corresponding SRID 
number (which could be the same as the credit card 
transaction authorization confirmation number received 
from the credit card company), and (3) the name of the
shipping agent. The credit card company links the
address field for the buyer and the corresponding SRID
number and forwards these to the shipping agent.

The merchant provides the SRID number on the package 
to be delivered, and the shipping agent attaches the 
physical address obtained from the credit card company. 
Hence, the seller is never provided with the buyer's 
shipping address (or name), thereby ensuring anonymity.
This process also ensures that the package is shipped 
only to the buyer's shipping address provided to the 
credit card company, which allows for added security. 
Accordingly, privacy of the buyer is substantially 
improved and/or maintained with the exception of his 
credit card number. Security is enhanced as the credit 
card issuer can ensure that the product is delivered to 
the appropriate person and the appropriate physical or 
electronic address.
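
The physical-delivery routing described above can be modelled directly. The following Python model is an added example, not part of the original disclosure; the class and function names, the random token format, the depository issuing the SRID at authorization, and the single-use SRID check are assumptions made for illustration.

```python
import secrets


class Depository:
    """Third party depository (the credit card company in the example above)."""

    def __init__(self):
        self.profiles = {}   # TID -> personal profile, never sent to merchants
        self.issued = {}     # SRID -> TID it was issued for

    def register(self, name, address, email):
        # Assumption: TIDs are random and unguessable; the page only says "unique".
        tid = "TID-" + secrets.token_hex(8)
        self.profiles[tid] = {"name": name, "address": address, "email": email}
        return tid

    def authorize(self, tid):
        """Issue a per-transaction SRID for a known TID."""
        if tid not in self.profiles:
            raise KeyError("unknown TID")
        srid = "SRID-" + secrets.token_hex(8)
        self.issued[srid] = tid
        return srid

    def route(self, tid, srid, shipper):
        """Merchant submits TID, SRID and shipping agent; address goes to shipper only."""
        # Added check (assumption): the SRID must have been issued for this TID.
        if self.issued.get(srid) != tid:
            raise PermissionError("SRID was not issued for this TID")
        del self.issued[srid]   # single use, so a replayed request is refused
        p = self.profiles[tid]
        # Only the delivery fields leave the depository, keyed by SRID.
        shipper.labels[srid] = {"name": p["name"], "address": p["address"]}


class Shipper:
    def __init__(self):
        self.labels = {}     # SRID -> delivery label received from the depository

    def deliver(self, package):
        # The package carries only the SRID; the label is attached here.
        label = self.labels.pop(package["srid"])
        return {**package, **label}


def physical_order(depository, shipper, tid, item):
    """Run one order; return (everything the merchant saw, delivered package)."""
    srid = depository.authorize(tid)
    merchant_view = {"tid": tid, "srid": srid, "item": item}
    depository.route(tid, srid, shipper)
    package = {"srid": srid, "item": item}   # what the merchant hands over
    return merchant_view, shipper.deliver(package)


if __name__ == "__main__":
    dep, ship = Depository(), Shipper()
    # Constructed sample buyer, not data from the page.
    tid = dep.register("Pat Example", "1 Sample Street, Springfield", "pat@example.test")
    seen, delivered = physical_order(dep, ship, tid, "book")
    print("merchant saw:", seen)
    print("delivered to:", delivered["address"])
```

The merchant's view holds only the TID, the SRID and the item, while the shipper's label holds name and address but not the e-mail address or the TID.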

An extension of the above embodiment operates to
provide a 2-party anonymous transaction (i.e., both
parties maintain confidentiality). In Figure 7A, client
A 701 and client Z 703 are each assigned a unique TID, X
and Y, respectively. The unique TID is linked within the
depository 705 to the user's name, e-mail address,
physical address and credit card number. Depository 705
is utilized as a transaction proxy. Client A 701
advertises merchandise on depository 705 with his TID.
Client Z 703 substantially may access the depository 705
and purchase the merchandise utilizing his TID. The
depository 705 forwards the payment to client A 701 and
ships the product to client Z 703.

Figure 7B illustrates the use of the third party
depository 709 as a proxy server. Use of the third party
depository 709 as a proxy server operates to protect the
personal information of both the seller web server,
client A 707, as well as the buyer, client Z 711. Thus
each party is assigned a pseudonym or TID and transacts
through the depository via the pseudonyms. In this way,
client Z 711 does not have access to the name and address
of the owner of the server 707 via the server databases
established by Network Solutions, for example.

Some of the advantages of the use of a third party 
depository include: 

1. The use of a depository is much more understandable 
to unsophisticated users as it does not involve 
digital signatures, which are complex and prone to 
fraud; 

2. The use of a depository eliminates the associated 
overhead and recurring yearly costs of certifying 
digital signatures, which are high for individual
buyers;

3. Storage of a contract in a third party depository 
(particularly if it is for a few months for a 
merchandise purchase) is very cheap as disk space is 
inexpensive; and

4. In contested transactions, a single sheet agreement 
on terms and price that is maintained in a third 
party depository is very beneficial in establishing 
the true terms of the agreement. 

It is important to note that while the present 
invention has been described in the context of a fully 
functional data processing system, those skilled in the 
art will appreciate that certain elements of the method 
of the present invention are capable of being distributed 
in the form of a computer readable medium of instructions 
in a variety of forms, and that the present invention
applies equally, regardless of the particular type of 
signal bearing media utilized to actually carry out the 
distribution. Examples of computer readable media 
include: nonvolatile, hard-coded type media such as Read 
Only Memories (ROMs) or Erasable, Electrically 
Programmable Read Only Memories (EEPROMs), recordable
type media such as floppy disks, hard disk drives and
CD-ROMs, and transmission type media such as digital and
analog communication links. 

While the invention has been particularly shown and 
described with reference to a preferred embodiment, it 
will be understood by those skilled in the art that 
various changes in form and detail may be made therein 
without departing from the spirit and scope of the 
invention. For example, although the invention has been 
explained with reference to protecting the personal 
information of the buying party, it is conceivable that 
the invention may be applied to transactions where the 
selling party desires his personal information be 
protected. 

CLAIMS

What is claimed is: 



1. A method for maintaining confidentiality of personal
information during E-commerce transactions comprising the
steps of:

compiling a profile of personal information within
an electronic depository for at least a first party to an
E-commerce transaction;

providing said first party a unique transaction
identifier linked to said profile for use during said
E-commerce transaction; and

in response to said first party providing said
transaction identifier to a second party to said
E-commerce transaction, completing said transaction
utilizing said electronic depository without said second
party receiving any of said personal information.

2. The method of Claim 1, wherein said first party is a
buyer and said second party is a merchant having a web
server for initiating E-commerce transactions, and said
completing step further includes the step of locating
said transaction identifier in said electronic
depository.

3. The method of Claim 2, wherein said completing step
further includes the steps of:

assigning a security routing identifier (SRID) for
utilization by a shipper and said merchant to match a
product with a buyer's address;

receiving said transaction identifier along with
said security routing identifier at said depository; and

forwarding at least a portion of said profile to
said shipper along with said SRID, wherein said shipper
receives a product from said merchant utilizing only said
SRID and sends said product to said buyer utilizing said
profile.

4. The method of Claim 3, wherein said receiving step
includes the step of automatically notifying said buyer
of a receipt of said transaction information.

5. The method of Claim 3, wherein said product for said
transaction is electronic and said receiving step further
includes the step of electronically receiving said
product at said depository and then transmitting said
product to said buyer.

6. The method of Claim 1, wherein said step of
providing a unique transaction identifier comprises the
step of providing a credit card number.

7. The method of Claim 1, wherein said second party also
has a unique TID, further comprising the steps of
completing said E-commerce transaction on a server of
said electronic depository wherein said transaction is
completed on said server without said first party and
said second party receiving any of said personal
information of the other party.

8. A client-based method for maintaining
confidentiality of personal information during E-commerce
transactions comprising the steps of:

creating a profile of personal information within an
electronic depository for at least a first party to an
E-commerce transaction, wherein said first party is
provided a unique transaction identifier linked to said
profile for use during said E-commerce transaction; and

in response to said first party providing said
transaction identifier to a second party to said
E-commerce transaction, forwarding information related to
said E-commerce transaction to said electronic depository,
wherein said transaction is completed by said electronic
depository without said second party receiving any of
said personal information.

9. The method of Claim 8, further comprising the step
of enabling said first party to select whether or not to
provide said personal information to said second party.

10. The method of Claim 9, wherein said enabling step
further comprises the step of providing a web browser
application having a graphical user interface (GUI) on an
Internet access system of said client, wherein said GUI
provides a plurality of selectable options for said first
party including utilizing a transaction identifier to
complete said E-commerce transaction.

11. A system for maintaining confidentiality of personal
information during E-commerce transactions comprising:

an electronic depository utilized for storing a
profile of personal information for at least a first
party to an E-commerce transaction;

registration utility affiliated with said depository
for assigning said first party a unique transaction
identifier linked to said profile for use during said
E-commerce transaction;

transaction utility affiliated with said depository
for completing said E-commerce transactions utilizing
said electronic depository in response to said first
party providing said transaction identifier to a second
party to said E-commerce transaction, wherein said second
party does not receive any of said personal information
of said first party.

12. The system of Claim 11, wherein said first party is
a buyer and said second party is a merchant having a web
server for initiating E-commerce transactions, and said
transaction utility includes means for locating said
transaction identifier in said electronic depository.

13. The system of Claim 12, wherein said transaction
utility further includes:

means for assigning a security routing identifier
(SRID) for utilization by a shipper and said merchant to
match a product with a buyer's address;

means for receiving said transaction identifier
along with said security routing identifier to said
depository; and

means for forwarding at least a portion of said
profile to said shipper along with said SRID, wherein
said shipper receives a product from said merchant
utilizing only said SRID and sends said product to said
buyer utilizing said profile.

14. The system of Claim 13, wherein said receiving means
includes means for automatically notifying said buyer
party of a receipt of said transaction information.

15. The system of Claim 13, wherein said product for
said transaction is electronic and said receiving means
further includes electronically receiving said product at
said depository and then transmitting said product to
said buyer.

16. The system of Claim 11, wherein said registration
utility which provides a unique transaction identifier
comprises means for providing a credit card number.

17. The system of Claim 12, wherein said second party
also has a unique TID, further comprising means for
completing said E-commerce transaction on a server of
said electronic depository wherein said transaction is
completed on said server without said first party and
said second party receiving any of said personal
information of the other party.

18. A computer program product for maintaining
confidentiality of personal information during E-commerce
transactions, comprising:

a computer usable medium; and

program instructions stored within said computer
usable medium, for:

compiling a profile of personal information within
an electronic depository for at least a first party to an
E-commerce transaction;

providing said first party a unique transaction
identifier linked to said profile for use during said
E-commerce transaction; and

in response to said first party providing said
transaction identifier to a second party to said
E-commerce transaction, completing said transaction
utilizing said electronic depository without said second
party receiving any of said personal information.

19. The computer program product of Claim 18, wherein
said first party is a buyer and said second party is a
merchant having a web server for initiating E-commerce
transactions, and said program instructions for
completing said transaction further comprise program
instructions for locating said transaction identifier in
said electronic depository.

20. The computer program product of Claim 19, wherein
said program instructions for enabling buyer selection
further comprise program instructions for providing a web
browser application having a graphical user interface
(GUI) on an Internet access system of said buyer, wherein
said GUI provides a plurality of selectable options for
said buyer including utilizing a TID to complete said
E-commerce transaction.

21. The computer program product of Claim 19, wherein
said program instructions for completing said transaction
further include program instructions for:

assigning a security routing identifier (SRID) for
utilization by a shipper and said merchant to match a
product with a buyer's address;

receiving said transaction identifier along with
said security routing identifier to said depository; and

forwarding at least a portion of said profile to
said shipper along with said SRID, wherein said shipper
receives a product from said merchant utilizing only said
SRID and sends said product to said buyer utilizing said
profile.

22. The computer program product of Claim 21, wherein
said program instructions for receiving relevant
information include program instructions for
automatically notifying said buyer party of a receipt of
said transaction information.

23. The computer program product of Claim 21, wherein
said product for said transaction is electronic and said
program instructions for said receiving step further
includes program instructions for electronically
transmitting said product to said depository and then to
said buyer.

24. The computer program product of Claim 18, wherein
said program instructions for providing a unique
transaction identifier comprises program instructions for
providing a credit card number.

25. The computer program product of Claim 18, wherein
said second party also has a unique TID, further
comprising program instructions for completing said
E-commerce transaction on a server of said electronic
depository wherein said transaction is completed on said
server without first party or said second party receiving
any of said personal information of the other party.

26. A computer program product for maintaining
confidentiality of personal information during E-commerce
transactions comprising:

a computer readable medium; and

program instructions stored on said computer
readable medium for:

creating a profile of personal information within an
electronic depository for at least a first party to an
E-commerce transaction, wherein said first party is
provided a unique transaction identifier linked to said
profile for use during said E-commerce transaction;

enabling said first party to connect to and interact
with a server of a second party; and

in response to said first party providing said
transaction identifier to a second party to said
E-commerce transaction, forwarding information related to
said E-commerce transaction to said electronic depository,
wherein said transaction is completed by said electronic
depository without said second party receiving any of
said personal information.

27. The computer program product of Claim 26, further
comprising program instructions for enabling said first
party to select whether or not to provide said personal
information to said second party.

28. The computer program product of Claim 26, wherein
said program instructions for said enabling step further
comprises program instructions for providing a web
browser application having a graphical user interface
(GUI) on an Internet access system of said client,
wherein said GUI provides a plurality of selectable
options for said first party including utilizing a
transaction identifier to complete said E-commerce
transaction.

ABSTRACT OF THE DISCLOSURE

MAINTAINING CONFIDENTIALITY OF PERSONAL INFORMATION
DURING E-COMMERCE TRANSACTIONS



A method, system and program for maintaining 
confidentiality of personal information during E-commerce 
transactions. The method, means and program function 
include: (1) compiling a profile of personal information 
within a depository for at least the buying party to an 
E-commerce transaction; (2) providing the buying party 
with a unique identifier linked to his profile for use 
during subsequent E-commerce transactions; and (3) in 
response to the buying party providing the identifier to 
a merchant, completing the E-commerce transaction at the 
depository without providing any of the buyer's personal 
information to the merchant. 